cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2081
Views
10
Helpful
10
Replies

Firewall FDM 5516

usmanlodhi1001
Level 1
Level 1

i have multiple interfaces in firewall when i am connected with one interface of the firewall i can ping that interface but i can't ping other interfaces of the same firewall even i am able to ping the machines working on other interfaces. can you please help me that why i can't ping other interfaces of the firewall if i can access the networks of those interfaces why i can't ping the interface and what i should do ping those interfaces or can access firewall with those interfaces i already configured the management interface and management access. it's working if i am using the same network and access the same interface but why i can't access the other interfaces? how i can access the firewall from other interfaces?

10 Replies 10

@usmanlodhi1001 

The FTD or ASA only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface to a far interface.

 

If you are connected to the inside interface, then you cannot ping through the FTD to the outside interface and expect a reply, this is by design.

 

HTH

usmanlodhi1001
Level 1
Level 1

So how i can access firewall from different Vlan

usmanlodhi1001
Level 1
Level 1

Like the user is coming from VPN from outside interface and want to access the firewall with local IP as it's accessible network that all the devices are pingable but can't access the firewall with that IP

usmanlodhi1001
Level 1
Level 1

 i attached the scenario here the user connected with FW2 want to access the FW1 on the IP 192.168.33.1.

the PC attached with FW1 as IP 192.168.33.2 are able to access 192.168.33.1.

the PC connected with FW2 can ping the 192.168.33.2 but can't access 192.168.33.1 as i already configure for the management but still it's not allowing

the PC  connected with FW2 can ping all the networks

the PC with IP 192.168.33.2 also can ping all the devices

Can you please help me how to access the FW1 from the PC connected with FW2 on IP 192.168.33.1

Qatar.PNG

You didn't mention it's a VPN in the first post, but as it's a VPN you can configure the command "management-access <interface name>" and manage the FTD/ASA over a VPN tunnel using icmp, ssh or http.

usmanlodhi1001
Level 1
Level 1

i am using FDM so this command is not working

Use FlexConfig

usmanlodhi1001
Level 1
Level 1

Still that user with FW2 can't access the firewall what else should i do?

 

i used flexconfig and used the command but it's not showing in running-config and also not working 

usmanlodhi1001
Level 1
Level 1

I configured the flexconfig now the interface is pingable but still can't access as i already configured the management access interface for any any but still not allow me to ssh or https kindly suggest something

Review Cisco Networking for a $25 gift card